The role of top leadership in IT security: RUAG International Success Story
Cyberattacks represent an enormous challenge for the companies they affect. The challenges increase even more when a suspected cyberattack is made public and discussed in the media. In the case of RUAG International, SEC Consult (Switzerland) was called in to provide support and commissioned to investigate a suspected cyberattack and check the entire IT system for various types of attack.
After the assignment, a specially assembled team began initiating immediate measures to provide the client with certainty about the alleged cyberattack. After intensive forensic analysis, the all-clear was given. At the same time, SEC Consult launched an IRMA (Incident Readiness Maturity Assessment) to evaluate RUAG International’s current security standards. The security gaps found during this exercise were immediately addressed with measures such as patches and expanded security monitoring. Additional measures were scheduled for the coming weeks and months.
Regardless of size, every project needs a planned communication structure. In this case, SEC Consult provided a SPOC (Single Point of Contact) for security issues, who served as the interface between all parties involved and as a contact point for internal and external experts. This centralized communication strategy ensured that everyone involved was always on the same level of knowledge.
A direct line of communication was also established between the CEOs of both companies. In addition to a weekly exchange, the final decisions on the future security strategy and the associated measurable criteria were also made at this level. SEC Consult immediately brought an interim CISO into the company and set up a long-term CISO solution. The recommendations made were implemented by RUAG International at both the technical and organisational levels.
SEC Consult will continue to stand by RUAG International, providing cybersecurity expertise until all planned measures have been implemented. The future roadmap for the upcoming checks and re-checks was also jointly agreed upon. The implementation of a secure and sustainable security strategy will continue to take place in mutual coordination, using the established communication channels.
André Wall, CEO RUAG International
“There is generally too little awareness of the vulnerability in the cyber sector. A company should never feel safe - that‘s why I have made IT security a top priority. In the experts at SEC Consult Switzerland, we have found a trustworthy and reliable partner who has made RUAG International‘s security strategy sustainably fit for the future.”
Stefan Merz, CEO SEC Consult (Switzerland)
“Cyber and IT security always encompasses several levels - because technology without organisation - or vice versa - is always only half the truth. The cooperation with RUAG International is and has been characterised by incredible trust, a regular exchange between all parties involved, and the common goal of ensuring sustainable IT security for our customer.”
About RUAG International
RUAG International is a technology company with a focus on aerospace. The company is currently divided into four business units: Space, Aerostructures, MRO International and Ammotec. In the future, the company will focus purely on space technology as Beyond Gravity.
For more information, please visit: www.ruag.com
Beginning with an engagement for forensic analysis, this project grew to encompass comprehensive security monitoring. Since it was not possible to estimate the duration of the project in advance, the roadmap for the project was constantly adapted.
SEC Consult employed a holistic approach that took both the technical and the organisational levels into account. It included immediate help combined with IT security strategies for the future.
- Well-established team of experts
- Regular communication
- Assistance in the form of networking with
- other experts and employees
- Cooperation at CEO level